CERT-In Detects Threats With High Severity in iPhone, iPad, Mac, ChromeOS and Firefox Browser

These vulnerabilities can be fixed by installing software updates.

CERT-In Detects Threats With High Severity in iPhone, iPad, Mac, ChromeOS and Firefox Browser

Photo Credit: Reuters

Vulnerabilities can be used to bypass security restrictions

Highlights
  • Criminals can execute arbitrary code
  • Attackers can cause DoS attacks on machines
  • They can also access sensitive information

The Indian Computer Emergency Response Team (CERT-In) appointed by the Ministry of Electronics and Information Technology has found multiple vulnerabilities of high severity in iOS, iPadOS, and macOS by Apple as well as Google' ChromeOS and Mozilla' Firefox Internet browser. iOS is an operating system for iPhone models, iPadOS runs on iPad models, and macOS powers the Mac machines. As per the nodal agency, these vulnerabilities can be used to bypass security restrictions and cause denial-of-service (DoS) attacks rendering the devices unusable.

Mac machines running on macOS Catalina with security update prior to 2022-005, macOS Big Sur versions prior to 11.6.8, and macOS Monterey versions prior to 12.5 are at risk, as per CERT-In. The vulnerabilities in macOS versions as well as iOS and iPadOS could be exploited by a remote attacker by persuading a victim to visit a malicious website. The cybercriminal can execute arbitrary code, bypass security restrictions, and cause DoS conditions on the targeted system.

The macOS vulnerabilities exist due to out-of-bounds read in AppleScript, SMB and Kernel, out-of-bounds write in Audio, ICU, PS Normalizer, GU Drivers, SMB and WebKit. Authorisation issues have been found in AppleMobileFileIntegrity; information disclosure in the Calendar and iCloud Photo Library.

Similar vulnerabilities have been found in iOS and iPadOS versions prior to 15.6. The macOS vulnerabilities exist due to out-of-bounds write in Audio, ICU, GPU Drivers, and WebKit, out-of-bounds read in ImageIO and Kernel, authorisation issues have been found in AppleMobileFileIntegrity; information disclosure in the Calendar and iCloud Photo Library, among others.

In case of Mozilla Firefox, versions prior to 103, ESR versions prior to 102.1 and 91.12 have been found vulnerable. The vulnerabilities exist due to Memory safety bugs within the browser engine, preload cache bypasses subresource integrity, leak of cross-site resource redirecting information while using the Performance API, among others. These loopholes may provide an attacker access to sensitive information on the targeted system.

The vulnerabilities in Google ChromeOS pose a pretty similar threat as Firefox. The vulnerabilities exist in Google ChromeOS LTS channel versions prior to 96.0.4664.215 due to out-of-bounds read in the compositing component, incorrect implementation in Extension API, use-after-free error within the Blink XSLT component, among others.

CERT-In says these vulnerabilities can be fixed by installing software updates. Users of these operating systems and Mozilla Firefox are advised to install the software patches as soon as they can.


Is Pixel 6a the best camera phone under Rs. 50,000? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Sourabh Kulesh
Sourabh Kulesh is a Chief Sub Editor at Gadgets 360. He has worked in a national daily newspaper, a news agency, a magazine and now writing technology news online. He has knowledge on a wide gamut of topics related to cybersecurity, enterprise and consumer technology. Write to sourabhk@ndtv.com or get in touch on Twitter through his handle @KuleshSourabh. More
Maruti Suzuki Says Chip Shortage Limiting Production Volumes; 51,000 Vehicles Not Produced in June Quarter
Nokia 8210 4G With Unisoc T107​ SoC, Wireless FM Radio Launched in India: Price, Specifications
Share on Facebook Tweet Snapchat Share Reddit Comment
 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2022. All rights reserved.